[Cryptography] client certificates ... as opposed to password hashing

Joe St Sauver joe at oregon.uoregon.edu
Tue May 27 11:04:05 EDT 2014


Hi,

Tony commented:

#That's great... so what's the problem? User experience
#
#Client certificate UX is terrible in all browsers. Worse, it's inconsistent
#between browsers. Managing certificates is terrible. Hell, browsers can't
#even decide whether or not they should use the system trust store or their
#own.

I'd distinguish between two phases when it comes to client certs:
provisioning, and routine use.

No question about it, provisioning is currently painful, although there are 
some commercial tools (Cloudpath ExpressConnect and SecureW2, for example) 
that have been putting a lot of effort into making cert installation a lot 
less painful, and the Internet2 community has also has been working on 
InCert, an open source option (see https://github.com/Internet2/incert and 
http://www.internet2.edu/vision-initiatives/initiatives/trusted-identity-education/incert/#incert-overview

Or, for that matter, a determined individual can just do it the "hard way,"
as described in 
http://pages.uoregon.edu/joe/secprof2012/sec-prof-2012-client-certs.pdf

The key point about provisioning is that it's a comparatively rare event for
most users (e.g., annual, worst case) and if you only use a single device 
(e.g., one laptop you use for everything), it isn't too bad. 

If you have multiple accounts and multiple devices, it gets harder, due to
the need to move more certs around to keep everything sync'd, or the need
to use a different deployment model (e.g., instead of one cert everywhere,
perhaps a different cert on each device, a model that obviously falls apart
for encryption rather than just signing and authentication)

But what about routine use? *If* all the user is doing is S/MIME, and 
everyone uses the same key for signing as for encryption, key exchange 
via signed messages works okay, and most popular email IMAP clients 
support S/MIME and you can even use something like Penango for web email 
(free for free Gmail account users). That largely just works.

HOWEVER, routine use gets harder when:

-- you're trying to more than just S/MIME
-- you're trying to work beyond just the enterprise, and there's no 
   global directory
-- you have multiple client certs (e.g., a non-repudiable signing cert
   and an escrowed encryption cert, perhaps)
-- you want to use smartcards or USB-format PKI hard tokens to store your
   certificates

What's really missing to-date has been use cases for client certs, at least
in the academic community. 

If I just want to do signed or encrypted email, PGP/GNU PrivacyGuard is a
compelling alternative.

Regards,

Joe

Disclaimer: all opinions purely my own.


More information about the cryptography mailing list